linux-uconsole/include/linux/sched
Jann Horn 48046e092a sched/fair: Don't free p->numa_faults with concurrent readers
commit 16d51a590a upstream.

When going through execve(), zero out the NUMA fault statistics instead of
freeing them.

During execve, the task is reachable through procfs and the scheduler. A
concurrent /proc/*/sched reader can read data from a freed ->numa_faults
allocation (confirmed by KASAN) and write it back to userspace.
I believe that it would also be possible for a use-after-free read to occur
through a race between a NUMA fault and execve(): task_numa_fault() can
lead to task_numa_compare(), which invokes task_weight() on the currently
running task of a different CPU.

Another way to fix this would be to make ->numa_faults RCU-managed or add
extra locking, but it seems easier to wipe the NUMA fault statistics on
execve.

Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Petr Mladek <pmladek@suse.com>
Cc: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Will Deacon <will@kernel.org>
Fixes: 82727018b0 ("sched/numa: Call task_numa_free() from do_execve()")
Link: https://lkml.kernel.org/r/20190716152047.14424-1-jannh@google.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-08-04 09:30:56 +02:00
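The commit message above describes the fix as "zero out the NUMA fault statistics instead of freeing them" on execve. The following user-space model, added here as an illustration and not code from the kernel or from the commit, shows why that choice closes the race: a reader that has already tested `p->numa_faults` for non-NULL keeps a pointer that stays valid when the array is reset in place, and the array is released only on the final teardown path where no reader can still observe the task. The struct layout, the `final` flag, the node and statistic counts and all function names are assumptions of this model; the `numa_group` accounting the real code also has to unwind is not modelled.

```c
/* User-space model of "reset instead of free" for per-task fault counters.
 * Constructed example; names and sizes are assumptions, not kernel code. */
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

#define NR_NODES 4         /* assumed NUMA node count for the model */
#define NR_FAULT_STATS 2   /* assumed number of per-node fault classes */

struct task {
    unsigned long *numa_faults;     /* NR_FAULT_STATS * NR_NODES counters, or NULL */
    unsigned long total_numa_faults;
};

/* Allocate the counter array lazily, the way the model's first fault would. */
int task_numa_alloc(struct task *p)
{
    if (p->numa_faults)
        return 0;
    p->numa_faults = calloc(NR_FAULT_STATS * NR_NODES, sizeof(unsigned long));
    return p->numa_faults ? 0 : -1;
}

/* Record n hinting faults of class `stat` on node `node`. */
void task_numa_record(struct task *p, int stat, int node, unsigned long n)
{
    if (task_numa_alloc(p) != 0)
        return;
    p->numa_faults[stat * NR_NODES + node] += n;
    p->total_numa_faults += n;
}

/* A /proc/<pid>/sched-style reader: tests the pointer once, then indexes it.
 * If another path can free the array between the test and the indexing,
 * this is the use-after-free read the commit message describes. */
unsigned long show_numa_faults_for_node(const struct task *p, int node)
{
    unsigned long sum = 0;
    if (!p->numa_faults)
        return 0;
    for (int stat = 0; stat < NR_FAULT_STATS; stat++)
        sum += p->numa_faults[stat * NR_NODES + node];
    return sum;
}

/* The pre-fix shape, kept for contrast and never called on a live task:
 * releasing the array while the task is still visible to readers. */
void task_numa_free_unsafe(struct task *p)
{
    unsigned long *faults = p->numa_faults;
    p->numa_faults = NULL;
    free(faults);   /* a reader that already saw non-NULL now reads freed memory */
}

/* The fixed shape: `final` is false on the execve path (the task lives on
 * and readers may hold the pointer, so only zero the counters) and true
 * only when the task is torn down and can no longer be observed. */
void task_numa_free(struct task *p, bool final)
{
    unsigned long *faults = p->numa_faults;

    if (!faults)
        return;

    if (final) {
        p->numa_faults = NULL;
        free(faults);
    } else {
        p->total_numa_faults = 0;
        memset(faults, 0, NR_FAULT_STATS * NR_NODES * sizeof(unsigned long));
    }
}

/* Drive the model: the array a reader holds must stay valid across the
 * execve-path reset and be released only on final teardown. Returns 0 on success. */
int run_model(void)
{
    struct task p = { 0 };

    task_numa_record(&p, 0, 1, 7);
    task_numa_record(&p, 1, 1, 3);
    if (show_numa_faults_for_node(&p, 1) != 10)
        return -1;

    unsigned long *held = p.numa_faults;  /* what a concurrent reader would hold */
    task_numa_free(&p, false);            /* execve path */
    if (p.numa_faults != held || p.total_numa_faults != 0)
        return -2;
    if (show_numa_faults_for_node(&p, 1) != 0)
        return -3;

    task_numa_free(&p, true);             /* task exit path */
    if (p.numa_faults != NULL)
        return -4;
    return 0;
}
```

The model keeps the reader's pattern (test for NULL, then index) unchanged, which is the point of the approach the commit message chose: rather than adding locking or RCU on the reader side, the writer side simply never invalidates the pointer while the task is still reachable.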
autogroup.h
clock.h
coredump.h oom, oom_reaper: do not enqueue same task twice 2019-02-06 17:30:14 +01:00
cpufreq.h
cputime.h
deadline.h
debug.h
hotplug.h
idle.h
init.h
isolation.h
jobctl.h
loadavg.h
mm.h coredump: fix race condition between collapse_huge_page() and core dumping 2019-06-22 08:15:21 +02:00
nohz.h
numa_balancing.h sched/fair: Don't free p->numa_faults with concurrent readers 2019-08-04 09:30:56 +02:00
prio.h
rt.h
signal.h ptrace: take into account saved_sigmask in PTRACE{GET,SET}SIGMASK 2019-05-04 09:20:22 +02:00
smt.h x86/speculation: Rework SMT state change 2018-12-05 19:32:02 +01:00
stat.h
sysctl.h kernel/hung_task.c: allow to set checking interval separately from timeout 2018-08-22 10:52:47 -07:00
task.h
task_stack.h
topology.h sched/topology: Fix percpu data types in struct sd_data & struct s_data 2019-04-05 22:33:09 +02:00
user.h userns: use refcount_t for reference counting instead atomic_t 2018-08-22 10:52:46 -07:00
wake_q.h
xacct.h